How to create a VPN server with Microsoft Azure
Learn how to create a personal VPN server using Microsoft Azure and Meshnet.
Last updated
Learn how to create a personal VPN server using Microsoft Azure and Meshnet.
Last updated
© 2024 Nord Security. All Rights Reserved.
Microsoft Azure is a cloud computing platform that provides a range of options for people looking to host their services on the cloud. Azure's extensive features and benefits make it a great choice to host a VPN server.
With Microsoft Azure, you can easily create and manage various virtual machines (VMs). Its global network of data centers ensures fast and reliable access to your services from anywhere in the world. Additionally, Azure has a flexible pricing model, offering a free subscription and allowing you to pay only for the resources you use once the free trial expires.
By using Meshnet in tandem with Azure, you can turn a simple VM into a secure VPN server without any advanced configuration.
This guide showcases how you can make a VPN server from a VM hosted by Microsoft Azure using Meshnet’s traffic routing feature.
Note
Be aware that by setting up your own VPN server, you increase your online privacy but not to the same extent as when connecting to a regular VPN server provided by NordVPN, which follows a strict no-logs policy.
To follow this guide, you need an active Microsoft Azure account. You can sign up for free on the Azure website.
First, you need to create a VM on Azure. While this guide focuses on setting up an Ubuntu VM, Azure allows you to create Windows VMs as well.
Log in to your Azure account.
From your Azure portal, click Virtual machines.
Click Create and select Azure virtual machine.
In the Instance details section, name your VM, select its region, and choose the operating system (for example, Ubuntu 22.04 LTS).
Under Administrator account, select SSH public key authentication or create a password and choose the name of the administrator user of the VM.
Click Review + create.
Click Create.
Note
If you chose the SSH key authentication type, you will receive a Generate new key pair message after clicking the Create button. Select the Download private key and create resource option to download the private key file.
Another method of managing Azure resources is the Azure Command-line interface (CLI). The Azure CLI allows you to create, deploy, and manage your Azure resources without using the internet browser. This method is highly beneficial for automation or server environments.
To interact with Azure using CLI, you need to install the Azure CLI application on your device. Installation instructions for all compatible operating systems can be found on the Azure CLI documentation page.
Upon installing Azure CLI, log in to your Azure account by taking these steps:
Open PowerShell (on Windows) or Terminal (on macOS and Linux).
Run the following command to start the login process:
Open the generated URL in an internet browser.
Log in to your Azure account.
Authenticate using the code provided in your CLI window.
Azure uses resource groups to manage your VMs and their related resources. To create a resource group for your VPN server:
Open PowerShell.
Define the environmental variables for your VM by running the following commands:
Where:
<groupName>
is a custom name for your resource group.
<location>
is the region where your VM will be located.
You can check region names with the az account list-locations -o table
command.
<vmName>
is a custom name for your VM.
<imageName>
is the name of the operating system image for your VM.
You can find image names for Ubuntu Server on the Ubuntu documentation page.
<username>
is the name of the user account for your VM.
Example
Create the resource group with this command:
Note
The environmental variables will be reset if you close the PowerShell window.
With the environment variables defined and the resource group created, you can deploy your VM in Azure.
In PowerShell, execute the following command to create the virtual machine in Azure:
This command automatically generates an SSH key pair for your VM and places it in the default SSH directory (~/.ssh
). Once the VM is created, you will see an output of the VM's information.
Once your VM is deployed, you can access it over SSH. The way to access the VM depends on which authentication method you chose while creating it.
To use the SSH key for authentication, you need to set the private key’s permissions to read-only.
Open PowerShell.
Run the following three commands to apply the permission change, substituting </path/to/private/key>
with the path to the downloaded private key:
Example
Open Terminal.
Run the following command to apply the permission change, substituting </path/to/private/key>
with the path to the downloaded private key:
Example
Locate the public IP address of your VM.
If you created the VM using Azure CLI, you can run one of the following commands: For Windows in PowerShell:
For macOS and Linux in Terminal:
Run the ssh -i </path/to/private/key> <username>@<server>
command in PowerShell or Terminal, where:
</path/to/private/key>
is the location of the downloaded SSH private key.
<username>
is the name of the administrator user of the VM.
<server>
is the VM’s public IP address.
Example
Type in yes
and press Enter to confirm the connection.
You should now be connected to your Azure VM.
Follow these steps to install NordVPN on your virtual server:
Download and install the NordVPN Linux client by running the command below.
Log in to your NordVPN account.
You can log in to your NordVPN account without the use of a graphical user interface (GUI) in two ways:
By running the nordvpn login
command with the --token
flag
By running the nordvpn login
command with the --callback
flag
Instructions for both methods are outlined below.
Tip
To preserve your token when logging out of the NordVPN app, use the nordvpn logout --persist-token
command. Otherwise, your token will be revoked.
Note
If you encounter the error message “Whoops! Permission denied accessing /run/nordvpn/nordvpnd.sock,” enter sudo usermod -aG nordvpn $USER
. Then, reboot your instance and log back in.
Upon logging in, you can enable Meshnet on Linux by typing this command:
To check your server’s Nord name and the Meshnet IP address, enter the following command:
Example
You will also see all of your Meshnet peer devices with their corresponding permissions.
To begin using the VPN server, you need to grant the traffic routing permission for each peer device that you want to have access to the server. Enable this permission from the server machine using the following command:
Example
For more information, see the Traffic routing permissions page.
With Meshnet enabled and the permissions granted, your peer devices should now be able to connect to the server. To connect, start routing traffic from a client device through the VM, which you can find in the list of your Meshnet peer devices.
For specific instructions, see the Routing traffic in Meshnet article.
Your IP address should now be the same as the virtual machine’s. This way, your real public IP address is protected, and the websites you visit will see the location of your VPN server instead of your actual device.
You can find the public IP in the Overview section of the VM in your Azure Portal.
Locate the public IP address of your VM. It can be found in the Overview section of the VM in your Azure Portal.